Join Pete Zerger for an in-depth discussion in this video, Intro to Exchange Online ATP, part of Microsoft Cybersecurity Stack: Advanced Identity and Endpoint Protection.
- [Instructor] Microsoft Exchange Online Advanced Threat Protection, or ATP, is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing zero-day protection, and includes features to safeguard your organization from harmful links in real time. ATP includes advanced reporting and URL trace capabilities. It gives administrators insight into the types of attacks happening in your organization right now.
While Exchange Online ATP can be used for Office 365 hosted mailboxes, it can be used in a number of scenarios. For example, in an Exchange Online Protection filtering-only scenario, ATP provides cloud-based email protection for your on-premises Exchange Server 2013 environment, legacy Exchange Server versions, or any other on-premises SMTP email solution. In a hybrid deployment, ATP can be configured to protect your messaging environment and control mail routing when you have a mix of on-premises and cloud-hosted mailboxes with Exchange Online Protection for inbound email filtering.
There are two options we should differentiate, Office 365 ATP and Exchange Online Protection, which have some features that sound similar, but there are some nuances here. Office 365 ATP goes a step further and will scan URLs and emails using a reputation checking service. There are two key capabilities in Exchange ATP that help prevent the most common way in the front door for a threat agent, a phishing attack. The first is Safe Links, which proactively protects your users from malicious hyperlinks in a message.
The protection remains every time the user clicks the link, as malicious links are dynamically blocked while good links can be accessed. Safe Attachment, which protects against unknown malware and viruses and provides zero-day protection to safeguard your messaging system. All messages and attachments that don't have a known virus or malware signature are routed to a special environment, a detonation chamber where ATP uses a variety of machine learning and analysis techniques to detect malicious intent.
If no suspicious activity is detected, the message is released for delivery to the mailbox. A recent industry report suggested that more than 90 percent of security breaches start with a phishing attack. The weak link is typically a trusting end user. In fact, if a hundred users receive a suspicious email with a malicious link or an attachment, 25 will open that message, 12 will click the link or open the attachment, and six will do so within the first hour.
So we don't have long to respond. User education is certainly one way to reduce the likelihood users will open malicious messages. But in attacks designed specifically for your organization, called spear phishing attacks, these messages can look totally legitimate. A layer of intelligence between the click and opening the URL or attachment can make all the difference.
- Configuring virtual-based security
- Securing email
- Implementing post-breach defense
- Protecting the cloud with Azure AD
- Using Windows Defender ATP
- Managing privileged access in Azure